cross-platform virus

[John]

Lukas Sabota wrote:
>>Fair enough, it actually is quite a worrying scenario. If, for example, 
>>the menu entry for synaptic were to be targeted, and changed to load a 
>>virus instead, then you would type the password into gksudo without 
>>realising you are activating a virus. This definitely needs to be fixed. 
>>Maybe if there is the command being run in BIG LETTERS next to the place 
>>where you type in your password.
> 
> 
> Yes, but if they are hacking the desktop entry, they could also hack the

The users' copy of the desktop entry? I'm not so sure.

I don't use Gnome; see whether you can change it with your menu editor.


> sudo command as well.  They could create a "gksud" a psuedo-sudo
> program.  This program could say /usr/bin/synaptic, but really
> run /usr/bin/VirusXXx.  So I'm not sure how much emphasizing the command

If they have /usr/bin/VirusXXx then the battle's already won and lost.

I'd be more worried about ~/bin/badstuff.

_That_ could probably be curbed with selinux.